Microsoft 365 Copilot SearchLeak Flaw: Data Theft Risk
🟠 High | Source: The Hacker News

Researchers at Varonis Threat Labs discovered a chain of three vulnerabilities in Microsoft 365 Copilot Enterprise Search, dubbed ‘SearchLeak’, that could be triggered by a single click on a legitimate microsoft.com link. The attack could silently exfiltrate emails, calendar entries, indexed files, and MFA codes without any obvious warning signs. Because the malicious link originated from a trusted Microsoft domain, standard phishing filters and URL-blocking tools would not have flagged it. ...